I'll give an example. At my previous company there was a program where you basically select a start date, select an end date, select the system and press a button and it reaches out to a database and pulls all the data following that matches those parameters. The horrors of this were 1. The queries were hard coded.

They were stored in a configuration file, in xml format.
The queries were not 1 entry. It was 4, a start, the part between start date and end date, the part between end date and system and then the end part. All of these were then concatenated in the program intermixed with variables.
This was then sent to the server as pure sql, no orm.
Here's my favorite part. You obviously don't want anyone modifying the configuration file so they encrypted it. Now I know what you're thinking at some point you probably will need to modify or add to the configuration so you store an unencrypted version in a secure location. Nope! The program had the ability to encrypt and decrypt but there were no visible buttons to access those functions. The program was written in winforms. You had to open the program in visual studio, manually expand the size of the window(locked size in regular use) and that shows the buttons. Now run the program in debug. Press the decrypt button. DO NOT EXIT THE PROGRAM! Edit the file in a text editor. Save file. Press the encrypt button. Copy the encrypted file to any other location on your computer. Close the program. Manually email the encrypted file to anybody using the file.

you are viewing a single comment's thread
view the rest of the comments

[–] phoenixz@lemmy.ca 41 points 1 day ago (1 children)

A program that HR had built so that all employees could they their payment receipts online

The username was the companies' email address, the password was a government personal id code that you can lookup online, a don't change, and you can't update the password to something else.

So I told the director of HR this was a bad idea. She told me I was overreacting until I showed her her own receipt, then she finally understood that this is a really fucking bad idea.

Okay, so now she out me in charge of debugging that program.

So I setup a meeting with the director of the company they hired, he came by with the developer: a 21 yo girl who I think hadn't finished college yet. Great start! Apparently it was her idea to do the authentication like that so that explains a few things.

So we dive in to the code.

First of all, the "passwords" were stored in blank, no hashing, no encryption, nothing. That wasn't the worst.

For the authentication she made a single query to check if the user email existed. Of that was true, then step two was a second query to see if the password existed. If that were true, the email had been authenticated.

So let's say, hypothetically, that they had actual passwords that people could change... I could still login with the email from anyone, and then use MY OWN password to authenticate.

This just blew my mind so hard that I don't think I ever fully recovered, I still need treatment. The stupidity hurts

[–] groet@feddit.org 19 points 1 day ago (1 children)

I wouldnt blame that on stupidity as much as on ignorance and naivety. Many people simply don't think about anybody deliberately misusing their design. The idea that somebody could even want to access somebody elses receipts didn't occur to them. And if they were still doing their studies they might not have known that you can "combine" SQL queries and ask for two things at once.

I don't blame the girl, but whoever chose her to design a system with sensitive information.

[–] phoenixz@lemmy.ca 3 points 21 hours ago (1 children)

I don't blame a girl for doing a job that lands her food on the table. I blame the guy employing her because she's the cheapest option

Having said that, this design was so bad that she should not have been doing any of this. If you don't know that SQL allows you to select multiple columns then by all means, do a tutorial, it's not that hard.

If you don't even know what encryption is, that passwords need hashing and what not, then you should really question what you're doing

OPs question was about the worst code I've seen, that was the worst I've seen

[–] RobertoOberto@sh.itjust.works 1 points 14 hours ago

If you don’t even know what encryption is, that passwords need hashing and what not, then you should really question what you’re doing

I agree with your point, but I would phrase it more generally: when we're assigned a task in a problem space we are unfamiliar with, we should always take some time to research that space before designing our solution.

After all, if we don't know what encryption or password hashing are, how could we know that we need to learn about them first? But spending just a couple hours one morning reading about password and authentication management would have given the developer a good sense of best practices.

So she either, A) didn't think to familiarize herself with a new topic prior to working on it, or B) did read about it and ignored general industry guidance. Both of those options are more problematic to me than simply not knowing specific things. Those are process problems that need to be addressed to build her skills as a developer.

But ultimately, in my opinion, this is really all the fault of the cheapass director who didn't want to pay any experienced professionals to handle the task.